rapid7/metasploit-framework


Showing 15,831 of 21,886 total issues

Method shell_registry_getvalinfo has 26 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def shell_registry_getvalinfo(key, valname, view)
    key = normalize_key(key)
    value = {
      'Data' => nil,
      'Type' => nil
Severity: Minor
Found in lib/msf/core/post/windows/registry.rb - About 1 hr to fix

    Method win_parse_results has 26 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def win_parse_results(str)
        tip = false
        hashish = {}
        lastkey = nil
        str.each_line do |line|
    Severity: Minor
    Found in lib/msf/core/post/windows/cli_parse.rb - About 1 hr to fix

      Method service_change_startup has 26 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

              def service_change_startup(name, mode, server = nil)
                if mode.is_a? Integer
                  startup_number = mode
                else
                  case mode.downcase
      Severity: Minor
      Found in lib/msf/core/post/windows/services.rb - About 1 hr to fix

        Method busy_box_write_file has 26 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def busy_box_write_file(file_path, data, prepend = false)
            if prepend
              dir = busy_box_writable_dir
              return false unless dir
              cmd_exec("cp -f #{file_path} #{dir}tmp")
        Severity: Minor
        Found in lib/msf/core/post/linux/busy_box.rb - About 1 hr to fix

          Method attempt_login has 26 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

                  def attempt_login(credential)
                    result_opts = {
                      credential: credential
                    }
          
          
          Severity: Minor
          Found in lib/metasploit/framework/login_scanner/smh.rb - About 1 hr to fix

            Method attempt_login has 26 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

                    def attempt_login(credential)
                      result_opts = {
                        credential: credential,
                        status: Metasploit::Model::Login::Status::INCORRECT,
                        proof: nil,

              Method attempt_login has 26 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                      def attempt_login(credential)
                        result_options = {
                            credential: credential
                        }
              
              
              Severity: Minor
              Found in lib/metasploit/framework/login_scanner/db2.rb - About 1 hr to fix

                Method Exec has 26 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                            public virtual void Exec(int oldLen)
                            {
                                try {
                                    // generate JIT-code for Payload()
                                    Payload();
                Severity: Minor
                Found in external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs - About 1 hr to fix

                  Function check_logins has 8 arguments (exceeds 4 allowed). Consider refactoring.
                  Open

                  def check_logins(rhost, rport, targeturi, domain, usernames, passwords, timeout, user_agent):
                  Severity: Major
                  Found in modules/auxiliary/scanner/http/rdp_web_login.py - About 1 hr to fix

                    Function __init__ has 8 arguments (exceeds 4 allowed). Consider refactoring.
                    Open

                        def __init__(self, command='', username='', password='', domain='', hashes=None, share=None,
                    Severity: Major
                    Found in modules/auxiliary/scanner/smb/impacket/dcomexec.py - About 1 hr to fix

                      Function check_login has 8 arguments (exceeds 4 allowed). Consider refactoring.
                      Open

                      def check_login(rhost, rport, targeturi, domain, username, password, timeout, user_agent):
                      Severity: Major
                      Found in modules/auxiliary/scanner/http/rdp_web_login.py - About 1 hr to fix

                        Function _encdec has 8 arguments (exceeds 4 allowed). Consider refactoring.
                        Open

                            def _encdec(self, data, K, s, S, L1, L2, L3, L4):
                        Severity: Major
                        Found in data/meterpreter/python/met_aes.py - About 1 hr to fix

                          Consider simplifying this complex logical expression.
                          Open

                                              if ((node.is_leaf? && !strpath.include?('.')) || node.is_root? || !node.is_leaf?) && (!usinginipath || (usinginipath && strpath.match(inipathname)))
                          
                                                modopts['PATH'] = strpath
                                                print_status("Path: #{strpath}")
                          
                          
                          Severity: Major
                          Found in plugins/wmap.rb - About 1 hr to fix

                            Method scheduleremote has 8 arguments (exceeds 4 allowed). Consider refactoring.
                            Open

                            def scheduleremote(session,schtype,cmd,tmmod,cmdopt,targetsys,username,password)
                            Severity: Major
                            Found in scripts/meterpreter/scheduleme.rb - About 1 hr to fix

                              Consider simplifying this complex logical expression.
                              Open

                                  if res && res.code == 200 && res.body &&
                                     res.body.to_s =~ /ManageEngine Password Manager Pro/ &&
                                     (
                                       res.body.to_s =~ /login\.css\?([0-9]+)/ ||                            # PMP v6
                                       res.body.to_s =~ /login\.css\?version=([0-9]+)/ ||                    # PMP v6
                              Severity: Major
                              Found in modules/auxiliary/admin/http/manageengine_pmp_privesc.rb - About 1 hr to fix

                                Consider simplifying this complex logical expression.
                                Open

                                    # Report CheckCode::Appears when the response body names any listed encoder model.
                                    # Matching is by substring, so 'NET5501' alone already covers the '-I' and '-XT'
                                    # variants; they stay in the list to keep the supported models explicit.
                                    net55xx_models = %w[NET5501 NET5501-I NET5501-XT NET5504 NET5500 NET5516 NET5508]
                                    return Exploit::CheckCode::Appears if net55xx_models.any? { |model| xmlResponse.include?(model) }
                                Severity: Major
                                Found in modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb - About 1 hr to fix

                                  Consider simplifying this complex logical expression.
                                  Open

                                        if (version[0].to_i < 11) or
                                        (version[0].to_i == 11 and version[1].to_i <= 3) or
                                        (version[0].to_i == 11 and version[1].to_i == 3 and version[2].to_i == 0 and version[3].to_i < 999)
                                          ctx = { 'Msf' => framework, 'MsfExploit' => self }
                                          sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => datastore['RPORT_REMOTING'], 'Context' => ctx })
                                  Severity: Major
                                  Found in modules/exploits/windows/http/trackit_file_upload.rb - About 1 hr to fix

                                    Consider simplifying this complex logical expression.
                                    Open

                                              elsif (error[0].empty? or (error[0].unpack('C')[0] & 3) == 0) and # fd_nextsize
                                                    (error[1].empty? or (error[1].unpack('C')[0] & 3) == 0) and # fd
                                                    (error[2] =~ /\A503 [^s].?\z/mn) and ((error[2].unpack('C*')[4] & 7) == PREV_INUSE) and # size
                                                    (error[3] == "177") # the last \x7F of our BAD1 command, encoded as \\177 by string_printing()
                                                leaked_arch = ARCH_X86
                                    Severity: Major
                                    Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 1 hr to fix

                                      Method initialize has 8 arguments (exceeds 4 allowed). Consider refactoring.
                                      Open

                                          def initialize(year=0, month=0, day=0, hour=0, minute=0, second=0, neg=false, second_part=0)
                                      Severity: Major
                                      Found in lib/rbmysql.rb - About 1 hr to fix

                                        Method initialize has 8 arguments (exceeds 4 allowed). Consider refactoring.
                                        Open

                                                def initialize(host, port = 21, ssl = nil, ssl_version = nil, proxies = nil, username = '', password = '', verbose = false)
                                        Severity: Major
                                        Found in lib/rex/proto/ftp/client.rb - About 1 hr to fix